CrowdStrike expands Falcon platform with XDR for IoT assets

Cybersecurity vendor CrowdStrike has announced the release of new extended detection and response (XDR) capabilities within its Falcon platform to secure extended internet of things (XIoT) assets including IoT, Industrial IoT, OT, and medical devices. CrowdStrike Falcon Insight for IoT delivers tailored threat prevention, rapid patch management, and interoperability across XIoT assets to help customers secure their organization with the same platform across IoT, IT endpoints, cloud workloads, identities, and data, CrowdStrike said.

The challenges posed to organizations and security teams in effectively securing diverse IoT resources remain stark, while the threats posed to IoT assets subject enterprises to significant risks, attacks, and vulnerabilities.

IT/OT convergence driving IoT security challenges, risks

The mass convergence of IT and OT forces security teams to secure critical infrastructure systems. However, traditional IT security solutions don’t interoperate with XIoT assets, lack context for effective threat prevention and detection, and disrupt operations, CrowdStrike said in a press release. CrowdStrike Falcon Insight for IoT collects and leverages asset-specific context to drive tailored XIoT threat prevention policy and high-fidelity detection, CrowdStrike claimed.

“With the acceleration of OT digital transformation, organizations are struggling to address security challenges including stopping sophisticated attacks and dealing with operational complexity in securing XIoT assets in industrial control systems (ICS) networks,” said Michael Sentonas, president of CrowdStrike.

CrowdStrike said Falcon Insight for IoT’s key features include:

• XIoT threat detection reduces risk and improves business continuity by identifying threats via asset-specific context such as device type, OS version, and protocols.
• Tailored, AI-based threat prevention stops threats at the source, with custom policy recommendations for XIoT assets that empower organizations to limit system burden and manage sensor updates.
• Response for hard-to-patch assets contains threats with integrated response actions, such as host/process containment and USB device control.
• A lightweight agent provides interoperability with mission critical XIoT assets that is tested and validated by ICS vendors.
• Deep integrations with CrowdStrike Alliance and XIoT partners enhance protection, detection, and response.

IoT security, threat detection/response challenges mount up for businesses

The challenges and risks organizations face in securing their extensive IoT footprints and detecting/responding to IoT-related threats are considerable. “One of the biggest challenges is visibility,” Hollie Hennessy, senior analyst, IoT cybersecurity at Omdia, tells CSO. “Organizations need to be able to have an accurate picture of devices that are connected to their network, yet Omdia’s research shows one in five don’t regularly perform an audited inventory of connected devices. Without this picture, it can be difficult to reach and deploy an effective cybersecurity program.” This is paired with the different technologies, operating systems, devices, and departments which IoT spans across, Hennessy adds.

For most enterprises, IoT-related incidents involve malware or the targeting of devices with poor security to access the IT side of the network, Hennessy says. However, for an organization like a hospital with medical IoT devices, the worst-case scenario could impact human life. “Similarly, there could be operational impact and financial impact if processes in an OT environment were to be manipulated, and there could also be an impact on worker safety. This impact needs to be considered when assessing risk.”

Threat detection and response is one part of effective cybersecurity for IoT – but it can require specialist solutions, compared to products you may see in the IT space. “In order to be effective, threat detection and response for IoT/OT/medical IoT needs to be contextualized, assessed, and analyzed in light of the organization’s environment – including the devices that are connected to the network, their interactions, and behavior.”

IoT, ICS assets are vulnerable, attractive attack targets

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories covering vulnerabilities in ICS and supervisory control and data acquisition (SCADA) software from multiple vendors. Some of the flaws were rated critical and two of them already have public exploits.

Meanwhile, a report from industrial cybersecurity firm Otorio recently highlighted the attack vectors industrial wireless IoT devices are susceptible to along with vulnerabilities the company’s researchers found in several such products. “Industrial wireless IoT devices and their cloud-based management platforms are attractive targets to attackers looking for an initial foothold in industrial environments” the researchers said in their report. “This is due to the minimal requirements for exploitation and potential impact.”